Wednesday, May 25, 2005

More Malware

Researchers at Symantec have seen the malicious program used in the ransom attack. The "Trojan.Pgpcoder" searches a victim's hard disk drive for 15 common file types, including images and Microsoft Office file types. It then encrypts the files, removes the originals and drops a note asking $200 for the encryption key, Friedrichs said. A Websense customer fell victim to the attack. Luckily, in this case the encryption wasn't very sophisticated and Websense was able to decode the customer's files, said Dan Hubbard, senior director of security and research at Websense. "In this case we could help, but every variant can be different," he said.

Websense, however, doesn't see a trend yet. Attackers leave a trail if they ask for money, Hubbard said: "This type of attack is not that difficult to perform. However, in order to collect money the attackers are leaving themselves open to investigation and tracing."